0

I am configuring a HTTPS proxy, which I want to use for my laptop wherever I go. The idea is that since its encrypted, I should be safe from eavesdroppers, even on open wireless networks. Think of it as a easy to configure VPN for web browsing.

My problem however, is that HTTP requests does not use my HTTPS proxy, but go directly to the internet.

Is there a "standard" way to force all requests over a https proxy, or maybe I am forced to install a local squid proxy, and forward all requests to a *cache_peer* with SSL enabled?

Note that installing software on the client machine is unwanted, as it would complicate the setup for various devices (smartphone, etc).

Dog eat cat world
  • 5,759
  • 1
  • 27
  • 46
  • 1
    How is this easier than using an _actual_ VPN and setting your browser to use that? – Andrew Lott Jan 30 '14 at 12:06
  • I was not aware that web browsers are capable of using VPN directly. I thought I had to have a VPN adapter (interface). I also have run into many networks that do not support VPN traffic due to transparent proxies. Thats why I am working on this issue. – Dog eat cat world Jan 30 '14 at 12:19

1 Answers1

5

There are two distinct things:

  • Connecting to a HTTPS Web site through a non-SSL HTTP proxy.
  • Connecting to a HTTP Web site through an HTTPS proxy.

The former uses the CONNECT proxy verb, and it works well. You want to latter, which is ill-supported by browsers. For instance, when you configure proxies in Firefox through this popup:

Firefox settings window for proxies

then the entry field about "SSL proxy" is about a non-SSL proxy to use to connect to HTTPS Web site, and not the other one.

It seems that Firefox cannot yet use a proxy over HTTPS. Chrome can but requires some manual trickery.

For a practical secure proxy, I suggest that you use SSH and run it as a "SOCKS proxy". This works well with existing browsers; see this answer for some practical details. The screenshot above indeed illustrates the use of such a SOCKS proxy (when a SOCKS proxy is in force, all the browser communications will go through it, for all protocols, and that's what you want).

Community
  • 1
Tom Leek
  • 168,808
  • 28
  • 337
  • 475
  • Thanks, I was afraid it was not possible to do this. Some networks block ssh, so this proposed solution is not working as a silver bullet for all open wifi networks. I will use this, and perhaps one day I configure a local proxy to encapsulate all traffic through https. – Dog eat cat world Feb 06 '14 at 14:50